Week 6

Article: A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death
Author: Kevin Poulsen, Robert McMillan and Melanie Evans
Published: September 30, 2021
Source: The Wall Street Journal

This article was incredibly upsetting. Up until now ransomware making victims of hospitals has always been speculated as a danger to human life. Now, we have an actual victim that has died. An unborn child’s condition was not tracked appropriately which resulted in permanent brain damage and the eventual death of the baby. Parents are suing the hospital and the physician and are still in litigation. As it happens the hospital was undergoing an aggressive ransomware attack at the time on the incident and did not inform the patients or the staff of what was occurring in the moment. The hospital was actively trying to mitigate the incident. Not an unusual occurrence as the response is immediate to these kinds of attacks. The hospital did not pay the ransom, which is to be noted. Eventually the institution was able to gain access to their patient files and recover. However, the damage had been done and the patient was irrevocably impacted. If this case is won, this will be the FIRST proven case of ransomware causing a death.

My article this week is one that highlights the emergence of a new APT group targeting the fuel, energy, and aviation industries. This new group is disguising their malware under legitimate services of companies such as Microsoft, TrendMicro, McAfee, IBM, and Google. I find this interesting due to the recent pipeline hack. It seems that these sectors are some that have not been targeted very much so far but could be the focus of a lot of future attacks. This could be the beginning of a trend for the cybersecurity industry. The consequences for attacking these industries are severe in terms of financial and data loss.

 

https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html

Cybercriminals are asking employees to install ransomware on their company’s network in exchange for a portion of the profits.  The article details security researcher, Crane Hassold’s, experience engaging with a scammer offering 40% of the multi-million dollar ransom. The actor disclosed to Hassold that he originally tried phishing senior executives unsuccessfully, which is why he’s reaching out to insiders and asking to partner.  Hassold was asked to install the Demonware ransomware strain which is freely available on Github.

Ransomware typically requires more sophistication to deploy.  The actor used techniques commonly associated with business email compromise to engage the user and manipulate them to act on their behalf.  It’s similar to other scams involving wire transfers, but the payload is ransomware.

Approaching employees directly is not new; however, there are growing concerns about disgruntled employees creating identities on the darknet and offering to launch insider attacks for a fee.  The article cites the Lockbit 2.0 ransomware-as-a-service gang that included a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.

 

Article: Wanted: Disgruntled Employees to Deploy Ransomware

Author: Brian Krebs

Published: August 19, 2021 

Link: https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/